<?php
header("Access-Control-Allow-Origin:*");
require("../lib/init.php");
require("../pojo/token.php");
require("../pojo/admin.php");
$username = $_POST['username'];
$password = md5($_POST['password']);
$roleId = $_POST['roleId'];
$token = $_POST['token'];
if (empty($roleId) or empty($token) or empty($username) or empty($password)) exit("缺少必要参数！");
if (!checkToken($token)) {
    $code = 400;
    $msg = "没有权限";
} else {
    if (!checkAdmin($username)) {
        $newtoken = generateRandomString(25);
        $sql = "insert into admin (username,password,token,roleId) values ('$username','$password','$newtoken','$roleId')";
        if (!MQuery($sql)) {
            $code = 400;
            $msg = "添加失败！";
        } else {
            $code = 200;
            $msg = "添加成功！";
        }
    }else{
        $code = 400;
        $msg = "对不起，角色已经存在！";
    }
}

echo json_encode(resultmsg($code, $msg));
